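<html>
<head>
  <title>Book-O-Rama Catalog Search</title>
</head>
<body>
<h1>Book-O-Rama Catalog Search</h1>
<?php
// Catalog search handler: looks up rows in the books table whose selected
// column contains the posted search term and prints every match.
//
// Security notes:
//  - The column name ($searchtype) comes from the request and cannot be bound as
//    a statement parameter, so it is checked against a fixed allow-list.
//  - The search term is bound as a parameter instead of being concatenated into
//    the SQL text; addslashes()/magic quotes are not a safe substitute for this,
//    and get_magic_quotes_gpc() no longer exists in PHP 8.
//  - Every value taken from the database is HTML-escaped before output.

// Create short variable names. Only plain strings are accepted, so a POSTed
// array never reaches trim() or the query code.
$searchtype = (isset($_POST['searchtype']) && is_string($_POST['searchtype']))
    ? $_POST['searchtype']
    : '';
$searchterm = (isset($_POST['searchterm']) && is_string($_POST['searchterm']))
    ? trim($_POST['searchterm'])
    : '';

if (!$searchtype || !$searchterm) {
    exit('You have not entered search detais,please go back again');
}

// Assumed column list (constructed for this example) - confirm it against the
// books table and the <option> values of the search form.
$allowedColumns = array('author', 'title', 'isbn');
if (!in_array($searchtype, $allowedColumns, true)) {
    exit('Unknown search type,please go back again');
}

// Escapes one column of a result row for HTML output; a missing key prints as
// an empty string instead of raising a notice.
$cell = function (array $row, $key) {
    $value = isset($row[$key]) ? (string) $row[$key] : '';
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Report mysqli failures as exceptions so no error path is silently skipped
// (this replaces the "@" suppression on the connection).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // NOTE(review): hard-coded root credentials. Prefer a dedicated account that
    // only has SELECT on this table, with the password kept in configuration
    // outside the web root.
    $db = new mysqli('localhost', 'root', 'password', 'books');
} catch (mysqli_sql_exception $e) {
    // Details go to the server log; the visitor only sees a generic message.
    error_log('catalog search: database connection failed (' . $e->getCode() . ')');
    echo "could not connect to database,please try again later.";
    exit;
}

try {
    // $searchtype is one of $allowedColumns at this point, so it is safe to
    // place it in the statement text. The spaces around it are required for
    // the statement to parse.
    $stmt = $db->prepare("select * from books where `" . $searchtype . "` like ?");

    // LIKE wildcards (% and _) typed by the user are still interpreted by the
    // database; they only widen the match and cannot change the statement.
    $pattern = '%' . $searchterm . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();

    // get_result() needs the mysqlnd driver.
    $result = $stmt->get_result();

    // Iterate until fetch_assoc() runs out of rows; counting up to num_rows
    // inclusive would fetch one row too many.
    $i = 0;
    while ($row = $result->fetch_assoc()) {
        $i++;
        // NOTE(review): the "title:" label prints the author column, and the
        // newsauthor/newsISBN/newsprice keys are kept from the original script;
        // confirm all four against the real column names. fetch_assoc() returns
        // an array, so the fields are read with [] rather than ->.
        echo "<p>" . $i . "title:";
        echo $cell($row, 'author');
        echo "Author:" . $cell($row, 'newsauthor');
        echo "ISBN:" . $cell($row, 'newsISBN');
        echo "price:" . $cell($row, 'newsprice') . "</p>";
    }

    $result->free();
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    error_log('catalog search: query failed: ' . $e->getMessage());
    echo "search failed,please try again later.";
}

$db->close();
?>
</body>
</html>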
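// Runs the catalog search and prints the matching rows.
// Expects $db (an open mysqli connection), $searchtype (column to search) and
// $searchterm (text to look for) to be set by the surrounding script. Pass the
// raw search term: it is bound as a statement parameter, so it must not be run
// through addslashes() first.

// The column name cannot be bound as a parameter, so it is checked against a
// fixed allow-list before it is placed in the statement text.
// Assumed column list (constructed for this example) - confirm it against the
// books table and the search form.
$allowedColumns = array('author', 'title', 'isbn');

$result = false;
if (is_string($searchtype) && in_array($searchtype, $allowedColumns, true)) {
    $stmt = $db->prepare("select * from books where `" . $searchtype . "` like ?");
    if ($stmt) {
        $pattern = '%' . $searchterm . '%';
        // get_result() needs the mysqlnd driver.
        if ($stmt->bind_param('s', $pattern) && $stmt->execute()) {
            $result = $stmt->get_result();
        }
    }
}

if ($result) {
    // Escapes one column of a result row for HTML output; a missing key prints
    // as an empty string.
    $cell = function (array $row, $key) {
        $value = isset($row[$key]) ? (string) $row[$key] : '';
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Loop until fetch_assoc() returns no more rows; "$i <= num_rows" would
    // fetch one row past the end of the result set.
    $i = 0;
    while ($row = $result->fetch_assoc()) {
        $i++;
        // NOTE(review): the "title:" label prints the author column and the
        // news* keys are kept from the original; confirm them against the
        // table. fetch_assoc() returns an array, so fields are read with [].
        echo "<p>" . $i . "title:";
        echo $cell($row, 'author');
        echo "Author:" . $cell($row, 'newsauthor');
        echo "ISBN:" . $cell($row, 'newsISBN');
        echo "price:" . $cell($row, 'newsprice') . "</p>";
    }
    $result->free();
} else {
    // Unknown column or a failed statement: same generic failure as before,
    // with no database detail sent to the browser.
    echo "fail.";
    exit;
}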